What is claimed is: 

1 1. An apparatus comprising: 

2 a key generator to generate an operating system nub key (OSNK) unique to an 

3 operating system (OS) nub, the OS nub being part of an operating system running on a 

4 secure platform; and 

5 a usage protector coupled to the key generator to protect usage of a subset of a 

6 software environment using the OSNK. 

1 2. The apparatus of claim 1 wherein the key generator comprises: 

2 a combiner to combine an identification of the OS nub and a master binding key 

3 (BKO) of the secure platform, the combined identification and the BKO corresponding to 

4 the OSNK. 

1 3. The apparatus of claim 2 wherein the identification is a hash value of one 

2 of the OS nub and a certificate representing the OS nub. 

1 4. The apparatus of claim 1 wherein the usage protector comprises: 

2 an encryptor to encrypt the subset of the software environment using the OSNK. 
1 5. The apparatus of claim 1 wherein the usage protector comprises: 
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a first encryptor to encrypt a first hash value of the subset of the software 
environment using the OSNK, the encrypted first hash value being stored in a storage; 

a second encryptor to encrypted a second hash value of the subset of the software 
environment using the OSNK; and 

a comparator to compare result between the encrypted second hash value and the 
encrypted first hash value retrieved from the storage, the comparison result indicating if 
the subset of the software environment has been modified. 

6. The apparatus of claim 1 wherein the usage protector comprises: 

a first encryptor to encrypt a first hash value of the subset of the software 
environment using the OSNK, the encrypted first hash value being stored in a storage; 

a decryptor to decrypt the encrypted first hash value using the OSNK; and 

a comparator to compare result between a second hash value and the decrypted 
first hash value retrieved from the storage, the comparison result indicating if the subset 
of the software environment has been modified. 

7. The apparatus of claim 1 wherein the usage protector comprises: 

a signature generator to generate a signature of the subset of the software 
environment using a private key; and 
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4 a signature verifier to verify the signature using a public key to protect usage of 

5 subset if the subset of the software environment has been modified. 

1 8. The apparatus of claim 1 wherein the usage protector comprises: 

2 a manifest generator to generate a manifest of the subset of the software 

3 environment, the manifest describing the potion of the software environment; 

4 a signature generator coupled to the manifest generator to generate a manifest 

5 signature of the manifest using a private key, the private key being decrypted by a 

6 decryptor using the OSNK; 

7 a signature verifier coupled to the signature generator to verify the manifest 

8 signature using a public key; and 

9 a manifest verifier coupled to the signature verifier to verify the manifest, the 

10 verified manifest indicating if the subset of the software environment has been modified. 

1 9. The apparatus of claim 1 wherein the secure platform uses an isolated 

2 execution mode. 

1 10. The apparatus of claim 1 wherein the software environment is one of a 

2 Windows operating system, a Windows 95 operating system, a Windows 98 operating 

3 system, a Windows NT operating system, and a Windows 2000 operating system. 
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1 1 . The apparatus of claim 9 wherein the subset of the software environment 
is a registry of an operating system. 
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3 12. The apparatus of claim 2 wherein the BKO is generated at random on a 

4 first invocation of a processor nub. 

1 1 3 . A method comprising: 

2 generating an operating system nub key (OSNK) unique to an operating system 

3 (OS) nub, the OS nub being part of an operating system running on a secure platform; 

4 and 

5 protecting usage of a subset of the software environment using the OSNK. 

1 14. The method of claim 1 1 wherein generating the OSNK comprises: 

2 combining an identification of the OS nub and a master binding key (BKO) of the 

3 secure platform, the combined identification and the BKO corresponding to the OSNK. 

1 15. The method of claim 12 wherein the identification is a hash value of one 

2 of the OS nub and a certificate representing the OS nub. 

1 16. The method of claim 1 1 wherein protecting usage comprises: 

2 encrypting the subset of the software environment using the OSNK. 

1 17. The method of claim 1 1 wherein protecting usage comprises: 

2 encrypting a first hash value of the subset of the software environment by the 

3 OSNK, the encrypted first hash value being stored in a storage; 
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4 decrypting the encrypted first hash value of the subset of the software; and 

5 comparing the encrypted second hash value to the encrypted first hash value 

6 retrieved from the storage, the comparison result indicating if the subset of the software 

7 environment has been modified. 

1 18. The method of claim 1 1 wherein protecting usage comprises: 

2 encrypting a first hash value of the subset of the software environment by the 

3 OSNK, the encrypted first hash value being stored in a storage; 

4 decrypting the encrypted first hash value using the OSNK; and 

5 comparing a second hash value to the decrypted first hash value retrieved from 

6 the storage, the comparison result indicating if the subset of the software environment has 

7 been modified. 

1 19.. The method of claim 1 1 wherein protecting usage comprises: 

2 generating a signature of the subset of the software environment using a private 

3 key; and 

4 verifying the signature using a public key to detect if the subset of the software 

5 environment has been modified. 

1 20. The method of claim 1 1 wherein detecting comprises: 
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2 generating a manifest of the subset of the software environment, the manifest 

3 describing the subset of the software environment; 

4 generating a manifest signature of the manifest using a private key, the private 

5 key being decrypted using the OSNK; 

6 verifying the encrypted manifest signature using a public key; and 

7 verifying the manifest, the verified manifest indicating if the subset of the 

8 software environment has been modified. 

1 21 . The method of claim 1 1 wherein the secure platform uses an isolated 

2 execution mode. 

1 22. The method of claim 1 1 wherein the software environment is one of a 

2 Windows operating system, a Windows 95 operating system, a Windows 98 operating 

3 system, a Windows NT operating system, and a Windows 2000 operating system. 

1 23. The method of claim 19 wherein the subset of the software environment is 

2 a registry of the operating system. 

3 24. The method of claim 14, wherein the BKO is generated at random on a 

4 first invocation of a processor nub. 

1 25 . A computer program product comprising: 
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2 a computer usable medium having computer program code embodied therein, the 

3 computer program product having: 

4 computer readable program code for generating an operating system nub key 

5 (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating 

6 system running on a secure platform; and 

7 computer readable program code for protecting usage a subset of the software 

8 environment using the OSNK. 

1 26. The computer program product of claim 21 wherein the computer readable 

2 program code for generating the OSNK comprises: 

3 computer readable program code for combining an identification of the OS nub 

4 and a master binding key (BKO) of the secure platform, the combined identification and 

5 the BKO corresponding to the OSNK. 

1 27. The computer program product of claim 22 wherein the identification is a 

2 hash value of one of the OS nub and a certificate representing the OS nub. 

1 28. The computer program product of claim 21 wherein the computer readable 

2 program code for protecting usage comprises: 

3 computer readable program code for encrypting the subset of the software 

4 environment using the OSNK. 
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1 29. The computer program product of claim 21 wherein the computer readable 

2 program code for protecting usage comprises: 

3 computer readable program code for encrypting a first hash value of the subset of 

4 the software environment using the OSNK, the encrypted first hash value being stored in 

5 a storage; 

6 computer readable program code for encrypting a second hash value of the subset 

7 of the software environment using the OSNK; and 



8 computer readable program code for comparing the encrypted second hash value 

9 and the encrypted first hash value retrieved from the storage, the comparison result 

10 indicating if the subset of the software environment has been modified. 

11 30. The computer program product of claim 21 wherein the computer readable 

12 program code for protecting usage comprises: 



13 computer readable program code for encrypting a first hash value of the subset of 

14 the software environment using the OSNK, the encrypted first hash value being stored in 

15 a storage; 

16 computer readable program code for decrypting the encrypted first hash value of 

17 the subset of the software environment using the OSNK; and 
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computer readable program code for comparing the second hash value and the 

decrypted first hash value retrieved from the storage, the comparison result indicating if 
042390.P8104 34 



20 the subset of the software environment has been modified. 

1 31. The computer program product of claim 2 1 wherein the computer readable 

2 program code for protecting usage comprises: 

3 computer readable program code for generating a signature of the subset of the 

4 software environment using a private key, the private key being decrypted using the 

5 OSNK; and 

6 computer readable program code for verifying the signature using a public key to 

7 detect if the subset of the software environment has been modified. 

1 32. The computer program product of claim 21 wherein the computer readable 

2 program code for protecting usage comprises: 

3 computer readable program code for generating a manifest of the subset of the 

4 software environment, the manifest describing the subset of the software environment; 

5 computer readable program code for generating a manifest signature of the 

6 manifest using a private key, the private key being decrypted using the OSNK; 

7 computer readable program code for verifying the manifest signature using a 

8 public key; and 

9 computer readable program code for verifying the manifest, the verified manifest 
10 indicating if the subset of the software environment has been modified. 
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33. The computer program product of claim 21 wherein the secure platform 
uses an isolated execution mode. 

34. The computer program product of claim 21 wherein the software 
environment is one of a Windows operating system, a Windows 95 operating system, a 
Windows 98 operating system, a Windows NT operating system, and a Windows 2000 
operating system. 

35. The computer program product of claim 29 wherein the subset of the 
software environment is a registry of an operating system. 

36. The computer program product of claim 26 wherein the BKO is generated 
at random on a first invocation of a processor nub. 

37. A system comprising: 
a processor; 

a storage coupled to the processor, the storage storing a subset of a software 
environment; and 

a usage protector comprising: 

a key generator to generate an operating system nub key (OSNK) unique to an 

operating system (OS) nub, the operating system nub being part of a software 

environment running on a secure platform; and 
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9 a usage protector coupled to the key generator to detect a subset of the software 

10 environment using the OSNK. 

1 38. The system of claim 3 1 wherein the key generator comprises: 

2 a combiner to combine an identification of the operating system nub and a master 

3 binding key (BKO) of the secure platform, the combined identification and BKO 

4 corresponding to the OSNK. 

1 39. The system of claim 32 wherein the identification is a hash value of one of 

2 the OS nub and a certificate representing the OS nub. 

m 

^ 1 40. The system of claim 31 wherein the usage protector comprises: 

2 an encryptor to encrypt the subset of the software environment using the OSNK. 
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1 41 . The system of claim 3 1 wherein the usage protector comprises: 

2 an encryptor to encrypt a first hash value of the subset of the software 

3 environment using the OSNK, the encrypted first hash value being stored in a storage; 

4 and 

5 a comparator to compare the encrypted second hash value and the encrypted first 

6 hash value retrieved from the storage, the comparison result indicating if the subset of the 

7 software environment has been modified. 

1 42. The system of claim 3 1 wherein the usage protector comprises: 
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2 an encryptor to encrypt a first hash value of the subset of the software 

3 environment using the OSNK, the encrypted first hash value being stored in a storage; 

4 and 

5 a comparator to compare the second hash value and the decrypted first hash value 

6 retrieved from the storage, the comparison result indicating if the subset of the software 

7 environment has been modified. 

1 43. The system of claim 3 1 wherein the usage protector comprises: 

2 a signature generator to generate a signature of the subset of the software 

3 environment using a private key, the private key being decrypted using the OSNK; and 

4 a signature verifier to verify the encrypted signature using a public key to detect if 

5 the subset of the software environment has been modified. 

1 44. The system of claim 3 1 wherein the usage protector comprises: 

2 a manifest generator to generate a manifest of the subset of the OS, the manifest 

3 describing the potion of the software environment; 

4 a signature generator coupled to the manifest generator to generate a manifest 

5 signature of the manifest using a private key, the private key being decrypted using the 

6 OSNK; 

7 a signature verifier coupled to the encryptor to verify the encrypted manifest 

8 signature using a public key; and a manifest verifier coupled to the signature verifier to 
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9 verify the manifest, the verified manifest indicating if the subset of the software 
10 environment has been modified. 

1 45. The system of claim 3 1 wherein the secure platform uses an isolated 

2 execution mode. 

1 46. The system of claim 3 1 wherein the software environment is one of a 

2 Windows operating system, a Windows 95 operating system, a Windows 98 operating 

3 system, a Windows NT operating system, and a Windows 2000 operating system. 

1 47. The system of claim 39 wherein the subset of the software environment is 

2 a registry of an operating system. 

48. The system of claim 38 wherein the BKO is generated at random on 
a first invocation of a processor nub. 
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